Re: web and databases
Date: 1996/07/08
Message-ID: <Matthew.Healy-0807961150090001_at_pudding.med.yale.edu>#1/1
In article <31D94510.4BD9_at_dsi.ing.unifi.it>, Franco Scarselli <franco_at_dsi.ing.unifi.it> wrote:
: Hi,
:
: I am going to restructure the informatic organization of an association.
: A part of the work requires the introduction of a Windows NT server that
: should contain administration and medical data. I think to use a DBMS
: among Microsoft SQL server, Oracle SQL server and Sybase SQL server.
:
: I have to rewrite all the (few) existing applications. I thought about a
: common interface to use. What about writing interfaces by HTML documents
: ? That is, I would use a WEB server to produce interfaces for ALL the
: applications that use the database, that is for ALL the applications
: that are used in the association.
:
: Which are pros and cons of such a solution ? Are there security
: problems ? Are there examples of this approach ?
:
: I thank in advance anybody who can help me.
:
I wrote the chapter on CGI interfaces to relational databases in a recent book on CGI programming, in which I said quite a bit about these issues.
Another excellent reference is a recent book by Jeff Rowe, {Building Internet Database Servers with CGI}. Jeff's WWW site also has a tremendous amount of useful information about database/CGI work.
Take a look at the following URLs for more information:
http://www.mcp.com/que/et/se_cgi/Cgi13fi.htm http://www.mcp.com/que/et/se_cgi/Toc.htm http://www.mcp.com/que/et/se_cgi/frontmat.htm#about
http://cscsun1.larc.nasa.gov/~beowulf/db/existing_products.html
The short answer is: a CGI interface can do quite a lot in the way of providing cross-platform database access over the Net. However, at the present state of the art it still has some limitations:
o development tools are still rather primitive, and whatever
tools you end up using, you'll probably end up doing at least
some hand-hacking of SQL/HTML/PERL/C/WHATEVER code.
o unless you include some JAVA applets (and I won't go into
the issues there, since I've limited JAVA knowledge), you're
stuck with the somewhat limited set of GUI widgets provided
by HTML.
o http uses a stateless server design. This is the biggest
limitation of http for database work, because it means:
+ no concept of current connection state
+ no concept of logging-in and logging-out
+ concurrent updates are a _mess_ because you
can't lock rows while a user is editing a local
copy of the data
+ client-side caching of passwords presents a big
security hole if the browser is in a public place
like a kiosk -- with most browsers, it caches the
password until the user quits the browser; if they
just walk away anybody else can use the cached
passwords
+ for data entry, the entire form is submitted when
the user hits the "submit" button -- there's no
provision for field-level validation unless you
use a client-side scripting language like JAVA
Overall, I'd say CGI is quite good for searching, and acceptable for submitting new data provided you have a decent validation scheme -- though I'd advise holding all submitted data somewhere for human review before including it in the searchable database.
For updating, I don't think it's there yet.
And for any application, it will take more work than an equivalent application with a conventional C/S package. However, and here's the big win, once you get it working for any standard WWW browser it should work for any other popular browser (assuming you avoid using browser-specific HTML tags!).
Matthew.Healy_at_yale.edu
http://paella.med.yale.edu/~healy/matt_healy.html Center for Medical Informatics, Yale School of Medicine
Any content-based regulation of the Internet, no matter how benign the purpose, could burn the global village to roast the pig.
--Judge Dalzell in ACLU v. Reno, No. 96-963 (E.D. Pa.) Received on Mon Jul 08 1996 - 00:00:00 CEST